0. Check the version of openssh
ssh -V
1. Create sftp group
groupadd sftp
2. Create a user and specify a group and home directory
useradd -d /mnt/infinitsoft -s /sbin/nologin -g sftp ftpUser
passwd ftpuser
解析:
useradd 添加用户ftpUser
passwd 给用户ftpuser添加密码
-d 指定用户根目录为/mnt/infinitsoft
-s 指定shell脚本为/sbin/nologin,表示不允许shell登录
-g 创建分组sftp
-G 指定root分组
PS: 创建有问题可以删除重新创建 userdel -r ftpUser
3. Set a password
passwd ftpUser
4. Set access rights
chown ftpUser /mnt/infinitsoft/
5. Change the sftp configuration file
Modify the configuration file
vim /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match User RD,IM
ChrootDirectory /mnt
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
ChrootDirectory设置的目录权限及上级,属主和属组必须是root
ChrootDirectory设置的目录权限及上级,只有属主能拥有写权限,最大只能是755
多个用户请重复配置这三行:
Match User RD,IM
ChrootDirectory /mnt
ForceCommand internal-sftp
| parameter | illustrate |
|---|---|
| Subsystem sftp internal-sftp | Specify to use the sftp service to use the internal-sftp that comes with the system |
| Match Group sftp | The user used to match the sftp group. If you want to match multiple groups, separate the multiple groups with commas |
| Match User mysftp | Match users, and multiple usernames are also separated by commas |
| ChrootDirectory /home/%u | Set the root folder accessed by users belonging to the user group sftp |
| ForceCommand internal-sftp | Specify the sftp command |
| AllowTcpForwarding no | |
| X11Forwarding no | Set X forwarding that doesn't allow SSH |
6. Restart the sshd service
service sshd restart
7. Verify that it works
On another client machine, connect using " sftp user @IP "
sftp [email protected]